CVE-2017-17749
Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora.
Source: CVE-2017-17749
[월:] 2018년 03월
CVE-2018-8968
CVE-2018-8968
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Source: CVE-2018-8968
CVE-2018-8967
CVE-2018-8967
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.
Source: CVE-2018-8967
CVE-2017-17751
CVE-2017-17751
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol.
Source: CVE-2017-17751
CVE-2017-17750
CVE-2017-17750
Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify.
Source: CVE-2017-17750
CVE-2018-8965
CVE-2018-8965
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Source: CVE-2018-8965
CVE-2018-8966
CVE-2018-8966
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
Source: CVE-2018-8966
CVE-2018-8964
CVE-2018-8964
In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.
Source: CVE-2018-8964
CVE-2018-1000138
CVE-2018-1000138
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.
Source: CVE-2018-1000138
CVE-2018-1000137
CVE-2018-1000137
I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator’s knowledge.
Source: CVE-2018-1000137